U.S. PATENT APPLICATION 10/026,403 
Response to Final Office Action Dated April 6, 2009 
Attorney Docket: 72167.000570 

REMARKS 

The Office Action dated April 6, 2009, ("Office Action") has been received and carefully 
considered. Claims 1-4, 6, 8-20, 23 and 25-29 are pending in this application. 

Reconsideration of the outstanding rejection in the present application is respectfully 
requested based on the following remarks. 

A. The Examiner Interview 

At the outset, Applicant thanks the Examiner for the courtesies extended to Applicant's 
representative Dalei Dong, during the interview conducted on June 1 1, 2009, during which 
agreement was reached that the cited portion of Squier fails to disclose, or even suggest, various 
limitations of the present application, which is reflected herein. 

B. The 35 U.S.C. §103 Rejection Based on Squier and Sampson 

Claims 9-19, and 23 are currently rejected under 35 U.S.C. 103(a) as being allegedly 
unpatentable over U.S. Patent No. 7,188,181 to Squier et al. ("Squier") in view of U.S. Patent 
No. 6,339,423 to Sampson et al. ("Sampson"). This rejection is traversed. 

Regarding claim 9, the Office Action alleges that Squier discloses that "the first system 
inputting information from the second system, and in response, the first system outputting. to 
the second system, a determination that the first system has a valid session credential for the 
client at the first system , and the second effecting successful authentication so as to grant 
access, to the further protected resource on the second system, to the client based on the 
determination from the first system that the client has a valid session credential with the first 
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system " as recited in claim 9 (emphasis added). As discussed in the Interview, Applicant 
respectfully disagrees. In contrast, Squier merely discloses that if the origin server can 
authenticate the session identifier at step 216, the destination server creates a second session 
identifier for the user at step 220. The second session identifier created by the destination 
server allows the user to freely access services on the destination server without having to 
separately log onto the destination servers as depicted in step 214. See, column 6, lines 57-62. 

Applicant submits that the data sharing process disclosed in Squier ends after the 
destination server creates a second session identifier to allow user to access services on the 
destination server and fails to disclose, or even suggest, that the destination server outputting 
the second session identifier to the origin server and the origin server grant access, to the further 
protected resource on the origin server to the client based on the determination from the 
destination server that the client has a second session identifier with the destination server. 
Therefore, Applicant respectfully submits that Squier, at best, discloses a destination server 
issuing a second session identifier to the client and fails to disclose, or even suggest, that "the 
first system inputting information from the second system, and in response, the first system 
outputting, to the second system, a determination that the first system has a valid session 
credential for the client at the first system , and the second effecting successful authentication so 
as to grant access, to the further protected resource on the second system, to the client based on 
the determination from the first system that the client has a valid session credential with the first 
system " as recited in claim 9 (emphasis added). 



Also, as set forth in M.P.E.P 706.02(j), 35 U.S.C. 103 authorizes a rejection where, to 
meet the claim, it is necessary to modify a single reference or to combine it with one or more 
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other references. M.P.E.P 706.02(j) indicates that after indicating that the rejection is under 35 
U.S.C. 103, the Examiner should set forth in the Office Action: 

(A) the relevant teachings of the prior art relied upon, preferably with reference to the 
relevant column or page number(s) and line number(s) where appropriate, 

(B) the difference or differences in the claim over the applied reference(s), 

(C) the proposed modification of the applied reference(s) necessary to arrive at the 
claimed subject matter, and 

(D) an explanation why one of ordinary skill in the art at the time the invention was made 
would have been motivated to make the proposed modification. 

M.P.E.P 706.02(j) references the well known requirements of Graham v. John Deere . 
Further, M.P.E.P 706.02(j) notes that it is important for an Examiner to properly communicate 
the basis for a rejection so that the issues can be identified early and the Applicant can be given 
fair opportunity to reply. 

Further, Applicant notes that in KSR, the Supreme Court did not eliminate the teaching, 

suggestion, or motivation (TSM) test from the determination of obviousness, but rather merely 

opposed "a formalistic conception of the words teaching, suggestion, and motivation, or . . . 

overemphasis on the importance of published articles and the explicit content of issued patents." 

KSR International Col. v. Teleflex Inc., 127 S. Ct. 1727, 1741 (2007). As the Federal Circuit has 

subsequently explained: 

[A] flexible TSM test remains the primary guarantor against a non- 
statutory hindsight analysis.... The TSM test, flexibly applied, merely 
assures that the obviousness test proceeds on the basis of evidence - 
teachings, suggestions (a tellingly broad term), or motivations (an equally 
broad term) - that arise before the time of invention as the statute requires. 
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Ortho-McNeil Pharmaceutical v. Mylan, 2007-1223, *11 (Fed. Cir. Mar. 31, 2008) (emphasis 

added). Thus, to establish a prima facie case of obviousness the Examiner must show evidence 

of teaching, suggestion, or motivation to make the proposed combination of references that arose 

before the time of invention. Such a showing is required to guard against allegations of 

obviousness that are actually derived from impermissible hindsight. 

On pages 2-3, the Office Action asserts various alleged teachings of Squier. Thereafter, 

on page 4, the Office Action acknowledges deficiencies of Squier, and attempts to cure those 

deficiencies with Sampson. Specifically, the Office Action asserts: 

Squier et al. discloses that the request and session information are sent at the 

same time (see column 5 lines 54-63), therefore fails to disclose the session information 

is retrieved from the client after determining that the client does not have valid session 

credentials. 

However, Sampson et al. teaches sending a request to a server and the server 
determining that the client doesn't have valid session credentials and requesting a 
session token from the client (see column 3 lines 34-43 where the data transmitted to 
the browser to go to the first server is a request to get a session token, i.e. cookies). 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to request the client of Squier et al. to send a session token when it is 
determined that the client doesn't have valid session credentials. 

Motivation to do so would have been to allow a user to obtain credentials to 
access a server when the user did not originally have the credentials (see Sampson et 
al. column 3 lines 34-43). 



Thus, the Office Action sets forth that the motivation to modify Squier would have been 
to allow a user to obtain credentials to access a server when the user did not originally have the 
credentials. Applicant submits that such motivation fails to support the proposed combination 
and fails to satisfy the requirements as set forth in KSR. 

That is, the Office Action's reason to modify Squier with the teachings of Sampson is to 
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provide Squier with the feature of allowing a user to obtain credentials to access a server when 
the user did not originally have the credentials. However, Squier clearly already provides such 
feature. Indeed, on page 3, lines 14-21, the Office Action clearly acknowledges that Squier 
provides such feature. In other words, the Office Action proposes to make a fundamental 
change to the operation of Squier (using teachings of Sampson) based on the asserted reason of 
providing Squier with a feature that Squier already has. Such basis for the rejection is clearly 
not supportable, and would not reasonably have motivated the one of ordinary skill to make 
such combination. In particular, Squier discloses in Figure 1, a diagram showing multiple 
servers containing Web sites in one domain and a browser in communication with one of the 
servers. See, e.g., column 4, lines 15-18 (emphasis added). Also, Squier discloses at step 210, 
that the user branches out and requests services from another Web site on another server, 
referred to as a destination server, which can communicate with the origin server and is in the 
same domain , as defined in RFC 2109. See, e.g., column 5, lines 54-57 (emphasis added). 
Moreover, Squier defines the Web sites in the same domain are those with the same top-level 
domain name, such as sun.com or a more narrow domain of eng.sun.com. See, e.g., column 5, 
lines 58-60. Additionally, Squier discloses that as defined in RFC 2109, only servers residing in 
the domain specified in the cookie can receive the cookie. See, e.g., column 6, lines 5-7. In 
contrast, Sampson discloses that a server is associated with each domain in a set of domains. 
Access to resource in the domains is governed by an access control system. A first server for a 
first domain transmits a data token to a client seeking access to a resource in a second domain . 
Also, Sampson discloses in Figure 2 that protected server 240 and resources 248 and 249 belong 
to primary domain 241, protected server 260 and resources 268 and 269 belong to secondary 
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domain agent 262. See, e.g., column 4, lines 50-53. Applicant submits that Squier discloses 
using a session identifier to access Web sites in a single domain while Sampson discloses using 
a cookie to access Web sites in multiple domains (emphasis added). Thus, Applicant 
respectfully submits that by utilizing the cookie to access Web sites in multiple domains of 
Sampson for the single domain of Squier would make a fundamental change to the operation of 
Squier. 

Moreover, Applicant respectfully submits that Sampson fails to disclose, or even 
suggest, "determining, at the first system that a client does not have a valid session credential 
granted by the first system ," as recited in claim 9. (emphasis added). In particular, Sampson 
merely discloses that the first server ensures that the user has been authenticated before 
transmitting the data token to the browser. See, column 3, lines 38-40. Therefore, Sampson at 
best, merely discloses ensuring that the user has been authenticated and fails to disclose, or even 
suggest, "determining, at the first system that a client does not have a valid session credential 
granted by the first system ," as recited in claim 9 (emphasis added). 

As alluded to above, Applicant submits that the proposed modification to Squier is 
indeed a fundamental change which would not have been obvious. That is, for example, Squier 
teaches (in portions of Squier referenced in the Office Action) at column 5, line 65 to column 6, 
line 15: 

the session identifier created by the origin server is passed or handed to 
the destination server by the user when the user makes the request on the 
destination Web site. By examining the session identifier the destination server 
can determine that the user got the identifier from the origin server from the 
name and value fields of the cookie handed to the destination server. Those fields 
will contain the origin Web site's identifier and the session identifier, 
respectively. As defined in RFC 2109, only servers residing in the domain the 
specified in the cookie can receive the cookie. As mentioned above, the session 

27 



U.S. PATENT APPLICATION 10/026,403 
Response to Final Office Action Dated April 6, 2009 
Attorney Docket: 72167.000570 



identifier uniquely identifies the user and a session. In the described embodiment 
it contains an identifier containing an indicator of the origin server. 

As asserted in Applicant's prior Response, such teachings, and the other disclosure of 
Squier, fail to teach the particulars of claim 9 reciting "determining, at the first system that a 
client does not have a valid session credential granted by the first system" and "after the 
determining, retrieving, at the first system, information from a session token held by the client, 
the information being retrieved from the client". 

Applicant submits that to modify Squire as proposed in the Office Action (i.e., as 
proposed on page 4, lines 9-1 1 of the Action) would change the operation of Squire in a 
fundamental manner. Indeed, Applicant submits that it is fully unclear how Squire would even 
be modified in such a manner. Applicant submits that the one of ordinary skill would not have 
been motivated to make such fundamental change to Squire, and in particular would not have 
been so motivated based on the lacking reasoning as set forth in the Office Action (i.e., on page 
4, lines 12-14). 

Accordingly, Applicant submits that claim 9 is allowable for at least these reasons, and 
withdrawal of the rejection under 35 U.S.C. §103 is respectfully requested. Applicant further 
submits that independent claims 1 1-13, 17, and 23 are allowable for similar reasons, and the 
claims dependent on these independent claims are allowable at least for their dependence on 
allowable claims. 

Regarding claim 10, the Office Action asserts on pages 2 and 3, that Squier and Sampson 
disclose the claimed limitations of claim 10, however, on page 6 of the Office Action, the 
Examiner asserts that Squier and Sampson fails to disclose the subject matter recited in claim 10. 
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Thus, Applicant respectfully submits that the obviousness rejection of claim 10 is improper and 
requests that the Examiner withdraw the obviousness rejection of claim 10. 
Withdrawal of the 35 U.S.C. 103 rejection is requested. 

C. The 35 U.S.C. §103 Rejection Based on Sguier. Sampson, and Howard 

Claims 1-4, 6, 8 and 20 are currently rejected under 35 U.S.C. 103(a) as being allegedly 
unpatentable over Squier in view of Sampson and further in view of U.S. Patent No. 6,584,505 to 
Howard et al. ("Howard"). 

The Office Action alleges various teachings of Squier, as modified by Sampson, as set 
forth above. Also, Applicant submits that Squier discloses "directing the client to the first 
system to establish a session credential based on successful authentication at the first system, 
after determining that the client does not have a valid session credential granted by the second 
system," as recited in claim 1. Applicant respectfully disagrees. In contrast, Squier merely 
discloses that the destination server creates a second session identifier for the user at step 220 in 
order to allow the user to access services on the destination server. See, e.g., column 6, lines 58- 
62. Thus, Applicant respectfully submits that Squier fails to disclose, or even suggest, "directing 
the client to the first system to establish a session credential based on successful authentication at 
the first system, after determining that the client does not have a valid session credential granted 
by the second system," as recited in claim 1. 

Also, the Office Action acknowledges, as to the rejected claims, that Squier and Sampson 
fails to teach features relating to the directing of the client (see Office Action on page 6, lines 5- 
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8). The Office Action then proposes to modify Squier with the teachings of Howard so as to 
cure such deficiencies. 

Applicant submits that even if it were obvious to so modify Squier, which Applicant does 
not admit, such modifications would fail to cure the deficiencies as discussed above. That is, 
Applicant submits that claims 1 and 20 are allowable for reasons similar to those set forth above 
with regard to claim 9. Accordingly, Applicant submits that the combination of Squier and 
Howard, as set forth in the Office Action, fail to teach or suggest each and every feature of the 
claimed invention. 

Withdrawal of the 35 U.S.C. 103 rejection is requested. 

D. The 35 U.S.C. §103 Rejection Based on Squier. Sampson, and Marks 

Claims 25 and 26 are rejected under 35 U.S.C. 103(a) as being allegedly unpatentable 
over Squier and Sampson and further in view of U.S. Patent Application Publication No. 
2001/0054059 to Marks et al. ("Marks"). 

The Office Action alleges various teachings of Squier, as modified by Sampson. 
However, the Office Action acknowledges, as to the rejected claims, that Squier and Sampson 
fails to teach features relating to the pay-per-use and the subscription content (see Office Action 
on page 7, lines 17-18). The Office Action proposes to modify Squier and Sampson with the 
teachings of Marks so as to cure such deficiencies. 

Applicant submits that even if it were obvious to so modify Squier, which Applicant does 
not admit, such modifications would fail to cure the deficiencies as discussed above as to the 
independent claims. Accordingly, Applicant submits that the combination of Squier, Sampson, 

30 



U.S. PATENT APPLICATION 10/026,403 
Response to Final Office Action Dated April 6, 2009 
Attorney Docket: 72167.000570 

and Marks, as set forth in the Office Action, fail to teach or suggest each and every feature of the 
claimed invention. 

Withdrawal of the 35 U.S.C. 103 rejection is requested. 

E. CONCLUSION 

For at least the reasons outlined above, Applicant respectfully asserts that the application 
is in condition for allowance. Favorable reconsideration and allowance of the claims are 
respectfully solicited. 

For any fees due in connection with filing this Response the Commissioner is hereby 
authorized to charge the undersigned's Deposit Account No. 50-0206. 
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Should the Examiner believe anything further is desirable in order to place the 
application in even better condition for allowance, the Examiner is invited to contact Applicant's 
undersigned representative at the telephone number listed below. 



Respectfully submitted, 
HUNTON & WILLIAMS 

Dalei Don^"^ 
Registration No. 60,363 

James R. Miner 
Registration No. 40,444 



Hunton & Williams LLP 
1900 K Street, N.W., Suite 1200 
Washington, D.C. 20006-1109 
(202) 955-1500 

Dated: cfplLM ^ Zoo*} 
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